[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Tomcat userid (was Tomcat 3.3 / 4.0 ? When?)

>>>>> "GOMEZ" == GOMEZ Henri <hgomez@slib.fr> writes:

GOMEZ> Yep, I added also in tomcat bin wrapper a :

GOMEZ> chown -R tcuser:tcuser /var/tomcat/

GOMEZ> to make sure that tomcat is running with the rigth profile

That is not a good idea. The tomcat user should not own any files
(besides logfiles and so on). If someone manages to break into the
tomcat user account, they can change all the files owned by this user.
With your settings, they can change all web applications.

G. ``Iggy'' Geens - ICQ: #64109250
Home: <ggeens@iname.com> - Work: <guy.geens@cgey.be>
WWW: http://users.pandora.be/guy.geens/
`I want quality, not quantity. But I want lots of it!'

Reply to: